
US20200100102A1 - Method and apparatus for supporting security for cu-cp and cu-up separation in wireless communication system - Google Patents

Publication number
US20200100102A1
Authority
US
United States
Prior art keywords
security key
gnb
encryption algorithm
protocol
user plane
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/064,715
Inventor
Jian Xu
Daewook Byun
Seokjung KIM
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LG Electronics Inc
Original Assignee
LG Electronics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LG Electronics Inc filed Critical LG Electronics Inc
Priority to US16/064,715 priority Critical patent/US20200100102A1/en
Priority claimed from PCT/KR2018/006854 external-priority patent/WO2018231031A2/en
Assigned to LG ELECTRONICS INC. reassignment LG ELECTRONICS INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BYUN, Daewook, KIM, Seokjung, XU, JIAN
Publication of US20200100102A1 publication Critical patent/US20200100102A1/en
Abandoned legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/0013
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/0401
    • H04W12/04031
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/20 Manipulation of established connections
    • H04W76/27 Transitions between radio resource control [RRC] states
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08 Upper layer protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices
    • H04W88/085 Access point devices with remote components
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/12 Access point controller devices

Definitions

  • The present invention relates to wireless communication and, more particularly, to a method and an apparatus for supporting security when a central unit (CU)-control plane (CP) and a CU-user plane (UP) are separated in a new radio access technology (NR) system.
  • CU central unit
  • CP control plane
  • UP CU-user plane
  • NR new radio access technology
  • 3rd generation partnership project (3GPP) long-term evolution (LTE) is a technology for enabling high-speed packet communications.
  • 3GPP 3rd generation partnership project
  • LTE long-term evolution
  • Many schemes have been proposed for the LTE objective including those that aim to reduce user and provider costs, improve service quality, and expand and improve coverage and system capacity.
  • the 3GPP LTE requires reduced cost per bit, increased service availability, flexible use of a frequency band, a simple structure, an open interface, and adequate power consumption of a terminal as an upper-level requirement.
  • ITU international telecommunication union
  • NR new radio
  • 3GPP has to identify and develop the technology components needed for successfully standardizing the new RAT timely satisfying both the urgent market needs, and the more long-term requirements set forth by the ITU radio communication sector (ITU-R) international mobile telecommunications (IMT)-2020 process.
  • ITU-R ITU radio communication sector
  • IMT international mobile telecommunications
  • the NR should be able to use any spectrum band ranging at least up to 100 GHz that may be made available for wireless communications even in a more distant future.
  • the NR targets a single technical framework addressing all usage scenarios, requirements and deployment scenarios including enhanced mobile broadband (eMBB), massive machine-type-communications (mMTC), ultra-reliable and low latency communications (URLLC), etc.
  • eMBB enhanced mobile broadband
  • mMTC massive machine-type-communications
  • URLLC ultra-reliable and low latency communications
  • the NR shall be inherently forward compatible.
  • C-RAN radio access network
  • In NR, dividing a base station into a central unit (CU) and a distributed unit (DU) has been introduced in order to solve the problem of fronthaul. In addition, dividing the CU into a CU-control plane (CP) and a CU-user plane (UP) has been introduced in order to realize the concept of cloud RAN.
  • CP CU-control plane
  • UP CU-user plane
  • a method for supporting, by a central unit (CU)-control plane (CP) of a gNB, security of a CU-user plane (CU-UP) of the gNB in a wireless communication system includes selecting an encryption algorithm, generating a user plane security key for the CU-UP based on the encryption algorithm, and transmitting the user plane security key for the CU-UP to the CU-UP.
  • CU central unit
  • CP control plane
  • CU-UP CU-user plane
  • A method for supporting, by a central unit (CU)-user plane (UP) of a gNB, security in a wireless communication system includes receiving a user plane security key for the CU-UP from a CU-control plane (CP) of the gNB, and applying the received user plane security key.
  • CU central unit
  • UP user plane
  • CP CU-control plane
  • The CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) protocol and a packet data convergence protocol (PDCP)-C protocol.
  • The CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.
  • The CU-UP can process a data packet through security. Further, the CU-UP can successively process data packets through updated security.
  • FIG. 1 shows an NG-RAN architecture.
  • FIG. 2 shows a NG user plane protocol stack in a NR system.
  • FIG. 3 shows a NG control plane protocol stack in a NR system.
  • FIG. 4 shows an Xn user plane protocol stack in a NR system.
  • FIG. 5 shows an Xn control plane protocol stack in a NR system.
  • FIG. 6 shows an example of the overall architecture of an NG-RAN.
  • FIG. 7 shows logical nodes (CU-C, CU-U, and DU) in a logical gNB/en-gNB.
  • FIG. 8 shows a deployment scenario for a gNB.
  • FIG. 9 shows the protocol structure of an E1 interface defined between a CU-CP and a CU-UP.
  • FIG. 10 illustrates a method for supporting security of the CU-UP according to embodiment 1-1 of the present invention.
  • FIG. 11 illustrates a method for supporting security of the CU-UP according to embodiment 1-2 of the present invention.
  • FIG. 12 illustrates a method for supporting security of the CU-UP according to embodiment 1-3 of the present invention.
  • FIG. 13 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-1 of the present invention.
  • FIG. 14 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-2 of the present invention.
  • FIG. 15 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-3 of the present invention.
  • FIG. 16 illustrates a method in which a CU-CP of a gNB supports security of a CU-UP according to an embodiment of the present invention.
  • the technical features described below may be used by a communication standard by the 3rd generation partnership project (3GPP) standardization organization, a communication standard by the institute of electrical and electronics engineers (IEEE), etc.
  • the communication standards by the 3GPP standardization organization include long-term evolution (LTE) and/or evolution of LTE systems.
  • LTE long-term evolution
  • LTE-A LTE-advanced
  • LTE-A Pro LTE-A Pro
  • NR 5G new radio
  • the communication standard by the IEEE standardization organization includes a wireless local area network (WLAN) system such as IEEE 802.11a/b/g/n/ac/ax.
  • WLAN wireless local area network
  • The above system uses various multiple access technologies such as orthogonal frequency division multiple access (OFDMA) and/or single carrier frequency division multiple access (SC-FDMA) for downlink (DL) and/or uplink (UL).
  • OFDMA orthogonal frequency division multiple access
  • SC-FDMA single carrier frequency division multiple access
  • OFDMA and SC-FDMA may be used for DL and/or UL.
  • a 5G system is a 3GPP system including a 5G access network (AN), a 5G core network (CN), and a user equipment (UE).
  • the 5G AN is an access network including a non-3GPP access network connected to a CN and/or a new-generation radio access network (NG-RAN).
  • NG-RAN new-generation radio access network
  • FIG. 1 shows an NG-RAN architecture.
  • the NG-RAN includes at least one NG-RAN node.
  • the NG-RAN node includes at least one gNB and/or at least one ng-eNB.
  • the gNB provides NR user plane and control plane protocol terminations towards the UE.
  • the ng-eNB provides E-UTRA user plane and control plane protocol terminations towards the UE.
  • the gNBs and ng-eNBs are interconnected with each other by means of the Xn interface.
  • the gNBs and ng-eNBs are also connected by means of the NG interfaces to the 5G CN. More specifically, the gNBs and ng-eNBs are connected to the access and mobility management function (AMF) by means of the NG-C interface and to the user plane function (UPF) by means of the NG-U interface.
  • AMF access and mobility management function
  • UPF user plane function
  • the gNB and/or ng-eNB host the following functions:
  • the AMF hosts the following main functions:
  • the UPF hosts the following main functions:
  • the SMF hosts the following main functions:
  • FIG. 2 shows a NG user plane protocol stack in a NR system.
  • the NG-U which is the NG user plane interface is defined between the NG-RAN node and the UPF.
  • the transport network layer (TNL) is built on IP transport.
  • the GPRS tunneling protocol user plane (GTP-U) is used on top of user datagram protocol (UDP)/IP to carry the user plane PDUs between the NG-RAN node and the UPF.
  • NG-U provides non-guaranteed delivery of user plane PDUs between the NG-RAN node and the UPF.
  • FIG. 3 shows a NG control plane protocol stack in a NR system.
  • the NG-C which is the NG control plane interface is defined between the NG-RAN node and the AMF.
  • the TNL is built on IP transport.
  • the stream control transmission protocol SCTP
  • the application layer signaling protocol is referred to as NG application protocol (NGAP).
  • NGAP NG application protocol
  • the SCTP layer provides guaranteed delivery of application layer messages.
  • IP layer point-to-point transmission is used to deliver the signaling PDUs.
  • NG-C provides the following functions:
  • FIG. 4 shows an Xn user plane protocol stack in a NR system.
  • the Xn-U which is the Xn user plane interface is defined between two NG-RAN nodes.
  • the TNL is built on IP transport.
  • The GTP-U layer is used on top of UDP/IP to carry the user plane PDUs between two NG-RAN nodes.
  • Xn-U provides non-guaranteed delivery of user plane PDUs between two NG-RAN nodes and supports the following functions:
  • FIG. 5 shows an Xn control plane protocol stack in a NR system.
  • the Xn-C which is the Xn control plane interface is defined between two NG-RAN nodes.
  • the TNL is built on SCTP on top of IP layer.
  • the application layer signaling protocol is referred to as Xn application protocol (XnAP).
  • XnAP Xn application protocol
  • The SCTP layer provides the guaranteed delivery of application layer messages. In the transport, IP layer point-to-point transmission is used to deliver the signaling PDUs.
  • the Xn-C interface supports the following functions:
  • FIG. 6 shows an example of the overall architecture of an NG-RAN.
  • a gNB may include a gNB-central unit (CU) and at least one gNB-distributed unit (DU).
  • CU gNB-central unit
  • DU gNB-distributed unit
  • the gNB-CU is a logical node that hosts a radio resource control (RRC) protocol, a service data adaptation protocol (SDAP) and a packet data convergence protocol (PDCP) of the gNB or an RRC protocol and a PDCP protocol of an en-gNB.
  • RRC radio resource control
  • SDAP service data adaptation protocol
  • PDCP packet data convergence protocol
  • the gNB-CU controls the operation of the at least one gNB-DU.
  • the gNB-DU is a logical node that hosts radio link control (RLC), media access control (MAC), and physical layers of the gNB or the en-gNB.
  • RLC radio link control
  • MAC media access control
  • the operation of the gNB-DU is controlled in part by the gNB-CU.
  • One gNB-DU supports one or more cells. One cell is supported by only one gNB-DU.
  • the gNB-CU and gNB-DU are connected via an F1 interface.
  • the gNB-CU terminates the F1 interface connected to the gNB-DU.
  • the gNB-DU terminates the F1 interface connected to the gNB-CU.
  • One gNB-DU is connected to only one gNB-CU. However, the gNB-DU can be connected to a plurality of gNB-CUs by suitable implementation.
  • the F1 interface is a logical interface. In the NG-RAN, NG and Xn-C interfaces for a gNB including a gNB-CU and one or more gNB-DUs are terminated by the gNB-CU.
  • S1-U and X2-C interfaces for the gNB including the gNB-CU and one or more gNB-DUs are terminated by the gNB-CU.
  • A gNB-CU and a gNB-DU connected thereto are seen only as a gNB by another gNB and 5GC.
  • FIG. 7 shows logical nodes (CU-C, CU-U, and DU) in a logical gNB/en-gNB.
  • FIG. 7 shows one possible deployment scenario for the NG-RAN shown in FIG. 6.
  • The protocol termination of NG and Xn interfaces is indicated by an ellipse in FIG. 7.
  • A central entity and a distributed entity represent physical network nodes.
  • FIG. 8 shows a deployment scenario for a gNB.
  • FIG. 8 shows an example of the architecture and the possible deployment scenario of the NG-RAN illustrated in FIGS. 6 and 7.
  • FIG. 8-(a) shows a collapsed gNB deployment scenario.
  • In this deployment scenario, all RAN protocols and functions are in the same location.
  • This deployment scenario corresponds to that currently used in LTE.
  • This deployment scenario is similar to LTE architecture, thus ensuring maximum backward compatibility with the existing LTE deployment scenario.
  • FIG. 8-(b) shows a disaggregated deployment scenario.
  • RAN protocol functions are distributed across different locations, such as a CU and a DU.
  • the DU hosts RLC, MAC, and physical layers.
  • a CU-CP hosts RRC and PDCP-C protocols.
  • a CU-UP hosts a PDCP-U (and SDAP) protocol.
  • the DU and the CU-CP may be connected via an F1-C interface.
  • the DU and the CU-UP may be connected via an F1-U interface.
  • the CU-CP and the CU-UP may be connected via an E1 interface.
  • the RAN functions may be optimally deployed at different locations based on the scenario and desired performance.
  • the CU-CP may be located near the DU.
  • the CU-CP may be deployed together with DU.
  • a short latency time may be provided for an important CP procedure, such as connection (re)establishment, handover, and state transition.
  • the CU-UP may be centralized in a regional or national data center.
  • the CU-UP is advantageous for cloud implementation and may provide a centralized termination point for UP traffic in dual connectivity and tight interworking scenarios.
  • an additional CU-UP may be disposed close to (or co-located with) the DU to provide a local termination point of UP traffic for an application requiring a very low latency time (e.g. ultra-reliable low-latency communications (URLLC) traffic).
  • URLLC ultra-reliable low-latency communications
  • FIG. 9 shows the protocol structure of an E1 interface defined between a CU-CP and a CU-UP.
  • a TNL is based on IP transmission and includes an SCTP layer above an IP layer.
  • An application-layer signaling protocol is referred to as an E1 application protocol (E1AP).
  • User-plane data is encrypted by a PDCP between a UE and an eNB.
  • An encryption function includes both ciphering and deciphering.
  • The unit of data that is encrypted is the data portion of a PDCP protocol data unit (PDU). Encryption cannot be applied to a PDCP control PDU.
  • An encryption algorithm and a security key used by the PDCP are configured by an RRC layer. The encryption function is activated/suspended/resumed by the RRC layer. When security is activated but is not suspended, the encryption function needs to be applied to all PDCP PDUs indicated by the RRC layer for each of DL/UL.
  • The PDCP layer needs to have a security key and an encryption algorithm.
  • The PDCP layer may generate an encryption key for the user plane, K_UPenc, based on the security key and the encryption algorithm.
  • When the PDCP layer is divided into a PDCP-C in the CU-CP and a PDCP-U in the CU-UP, it is necessary to determine which node, among the CU-CP and the CU-UP, generates a security key, selects an encryption algorithm, and generates K_UPenc for security for the traffic of the CU-UP. Further, it is necessary to determine signaling corresponding to the CU-UP.
  • Embodiment 1 of the present invention proposes an initial procedure for a CU-UP to support security of a data packet when a CU-CP and the CU-UP are separated.
  • FIG. 10 illustrates a method for supporting security of the CU-UP according to embodiment 1-1 of the present invention.
  • The CU-CP is responsible for generating a security key and selecting an encryption algorithm.
  • The CU-UP is responsible for generating K_UPenc.
  • The CU-CP generates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP selects an encryption algorithm for a UE based on the security-related capability of the UE.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1010, the CU-CP transmits the generated security key and the selected encryption algorithm to the CU-UP.
  • The generated security key and the selected encryption algorithm may be transmitted through a UP setup procedure.
  • In step S1020, the CU-UP generates an encryption key K_UPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-UP derives K_UPenc by inputting the generated security key and the selected encryption algorithm to a key derivation function (KDF). The generated/derived K_UPenc is used to protect UP traffic in the CU-UP.
  • KDF key derivation function
  • In step S1030, the CU-UP transmits a confirmation message to the CU-CP.
  • The confirmation message may be transmitted through a connection setup confirmation procedure.
  • FIG. 11 illustrates a method for supporting security of the CU-UP according to embodiment 1-2 of the present invention.
  • The CU-CP is entirely responsible for generating a security key, selecting an encryption algorithm, and generating K_UPenc.
  • In step S1100, the CU-CP generates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP selects an encryption algorithm for a UE based on the security-related capability of the UE.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP generates an encryption key K_UPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-CP derives K_UPenc by inputting the generated security key and the selected encryption algorithm to a KDF. The generated/derived K_UPenc is used to protect UP traffic in the CU-UP.
  • In step S1110, the CU-CP transmits the generated/derived K_UPenc to the CU-UP.
  • The generated/derived K_UPenc may be transmitted through a UP setup procedure.
  • In step S1120, the CU-UP applies the received K_UPenc to protect UP traffic.
  • In step S1130, the CU-UP transmits a confirmation message to the CU-CP.
  • The confirmation message may be transmitted through a connection setup confirmation procedure.
  • FIG. 12 illustrates a method for supporting security of the CU-UP according to embodiment 1-3 of the present invention.
  • The CU-CP is responsible for generating a security key.
  • The CU-UP is responsible for selecting an encryption algorithm and generating K_UPenc.
  • In step S1200, the CU-CP generates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1210, the CU-CP transmits the generated security key and the security-related capability of a UE to the CU-UP.
  • The generated security key and the security-related capability of the UE may be transmitted through a UP setup procedure.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The CU-UP selects an encryption algorithm for the UE based on the received security-related capability of the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-UP generates an encryption key K_UPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-UP derives K_UPenc by inputting the generated security key and the selected encryption algorithm to a KDF. The generated/derived K_UPenc is used to protect UP traffic in the CU-UP.
  • In step S1230, the CU-UP transmits a confirmation message including the selected encryption algorithm to the CU-CP.
  • The confirmation message may be transmitted through a connection setup confirmation procedure.
  • In step S1240, the CU-CP processes the selected encryption algorithm received from the CU-UP.
  • The CU-CP may determine whether to apply the same selected encryption algorithm in the CU-CP.
  • The CU-CP transmits an RRC connection reconfiguration message including the selected encryption algorithm to the UE.
  • The UE transmits an RRC connection reconfiguration complete message to the CU-CP in response to the RRC connection reconfiguration message.
  • The CU-UP can process a data packet through security.
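The split of responsibilities in embodiments 1-1 and 1-2, as an added example that is not part of the patent text: it shows what crosses the E1 interface in each case, that both yield the same K_UPenc, and which keys the CU-UP can compute from what it received. The KDF layout (HMAC-SHA-256 with FC 0x69 and the type distinguishers, as in 3GPP TS 33.501 Annex A.8), the algorithm names, the priority list and the message field names are assumptions; the page only says "a KDF".

```python
import hashlib
import hmac

# Assumed from 3GPP TS 33.501 Annex A.8; the page itself only says "a KDF".
FC_ALGORITHM_KEY = 0x69
N_RRC_ENC_ALG = 0x03      # type distinguisher: RRC (control plane) ciphering
N_UP_ENC_ALG = 0x05       # type distinguisher: user plane ciphering
NEA_ID = {"NEA0": 0, "128-NEA1": 1, "128-NEA2": 2, "128-NEA3": 3}


def kdf(security_key, distinguisher, algorithm):
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1), truncated to the low 128 bits."""
    s = bytes([FC_ALGORITHM_KEY, distinguisher, 0x00, 0x01,
               NEA_ID[algorithm], 0x00, 0x01])
    return hmac.new(security_key, s, hashlib.sha256).digest()[16:]


def select_algorithm(ue_capability, network_priority):
    """Pick the first algorithm in the network's priority list that the UE supports."""
    for algorithm in network_priority:
        if algorithm in ue_capability:
            return algorithm
    raise ValueError("no encryption algorithm common to UE and network")


def setup_1_1(security_key, ue_capability, network_priority):
    """Embodiment 1-1: CU-CP sends key and algorithm (S1010); CU-UP derives K_UPenc (S1020)."""
    e1_msg = {"security_key": security_key,
              "algorithm": select_algorithm(ue_capability, network_priority)}
    k_upenc = kdf(e1_msg["security_key"], N_UP_ENC_ALG, e1_msg["algorithm"])
    return e1_msg, k_upenc


def setup_1_2(security_key, ue_capability, network_priority):
    """Embodiment 1-2: CU-CP derives K_UPenc and transmits it (S1110); CU-UP applies it (S1120)."""
    algorithm = select_algorithm(ue_capability, network_priority)
    e1_msg = {"k_upenc": kdf(security_key, N_UP_ENC_ALG, algorithm)}
    return e1_msg, e1_msg["k_upenc"]


def keys_derivable_at_cu_up(e1_msg):
    """Keys the CU-UP can compute from the E1 message alone.

    Relevant to the page's option where the security key is "commonly used"
    for CP signaling and UP traffic: holding the parent key also yields the
    RRC ciphering key, whereas holding only K_UPenc does not.
    """
    if "security_key" in e1_msg:
        key, algorithm = e1_msg["security_key"], e1_msg["algorithm"]
        return {"K_UPenc": kdf(key, N_UP_ENC_ALG, algorithm),
                "K_RRCenc": kdf(key, N_RRC_ENC_ALG, algorithm)}
    return {"K_UPenc": e1_msg["k_upenc"]}


if __name__ == "__main__":
    key = bytes(range(32))                        # constructed sample key
    ue = {"NEA0", "128-NEA1", "128-NEA2"}         # constructed UE capability
    priority = ["128-NEA3", "128-NEA2", "128-NEA1"]
    for name, setup in (("1-1", setup_1_1), ("1-2", setup_1_2)):
        msg, k_upenc = setup(key, ue, priority)
        print(name, "E1 fields:", sorted(msg), "K_UPenc:", k_upenc.hex(),
              "derivable at CU-UP:", sorted(keys_derivable_at_cu_up(msg)))
```
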
  • Embodiment 2 of the present invention proposes an update procedure for supporting security of a data packet in order to solve the problem of PDCP wrap-around that may occur in a CU-UP when a CU-CP and the CU-UP are separated.
  • A large quantity of data packets may be provided by the CU-UP, in which case a PDCP count may wrap around in the CU-UP.
  • A method of initiating a procedure for renewing/updating the security key of the CU-UP may be needed, because the CU-UP is a node that knows the actual condition of a data packet.
  • A secondary node triggers PDCP count wrap-around through a secondary cell group (SCG) change instruction in an SN modification request message transmitted to a master node (MN).
  • SCG secondary cell group
  • FIG. 13 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-1 of the present invention.
  • The CU-CP is responsible for updating a security key and an encryption algorithm.
  • The CU-UP is responsible for updating K_UPenc.
  • In step S1300, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1310, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP.
  • The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • The CU-CP updates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP updates an encryption algorithm for a UE based on the security-related capability of the UE.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1330, the CU-CP transmits the updated security key and the updated encryption algorithm to the CU-UP.
  • The updated security key and the updated encryption algorithm may be transmitted through a UP modification procedure.
  • In step S1340, the CU-UP newly generates an encryption key K_UPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-UP derives the updated K_UPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated K_UPenc is used to protect UP traffic in the CU-UP.
  • In step S1350, the CU-UP transmits a confirmation message to the CU-CP.
  • The confirmation message may be transmitted through a connection modification confirmation procedure.
  • FIG. 14 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-2 of the present invention.
  • The CU-CP is entirely responsible for updating a security key, an encryption algorithm, and KUPenc.
  • In step S1400, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1410, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP.
  • The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • The CU-CP updates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP updates an encryption algorithm for a UE based on the security-related capability of the UE.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-CP newly generates an encryption key KUPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-CP derives updated KUPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1430, the CU-CP transmits the updated KUPenc to the CU-UP.
  • The updated KUPenc may be transmitted through a UP modification procedure.
  • In step S1440, the CU-UP applies the received KUPenc to protect UP traffic.
  • In step S1450, the CU-UP transmits a confirmation message to the CU-CP.
  • The confirmation message may be transmitted through a connection modification confirmation procedure.
  • FIG. 15 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-3 of the present invention.
  • The CU-CP is responsible for updating a security key.
  • The CU-UP is responsible for updating an encryption algorithm and KUPenc.
  • In step S1500, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1510, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP.
  • The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • The CU-CP updates a security key.
  • The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1530, the CU-CP transmits the updated security key and the security-related capability of a UE to the CU-UP.
  • The updated security key and the security-related capability of the UE may be transmitted through a UP modification procedure.
  • The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • The CU-UP updates an encryption algorithm for the UE based on the received security-related capability of the UE.
  • The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • The CU-UP newly generates an encryption key KUPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-UP derives updated KUPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1550, the CU-UP transmits a confirmation message including the updated encryption algorithm to the CU-CP.
  • The confirmation message may be transmitted through a connection modification confirmation procedure.
  • In step S1560, the CU-CP processes the updated encryption algorithm received from the CU-UP.
  • The CU-CP may determine whether to apply the same updated encryption algorithm in the CU-CP.
  • In step S1570, the CU-CP transmits an RRC connection reconfiguration message including the updated encryption algorithm to the UE.
  • In step S1580, the UE transmits an RRC connection reconfiguration complete message to the CU-CP in response to the RRC connection reconfiguration message.
  • The CU-UP can successively process data packets through updated security when a PDCP count wraps around in the CU-UP.
  • FIG. 16 illustrates a method in which a CU-CP of a gNB supports security of a CU-UP according to an embodiment of the present invention.
  • The embodiment of FIG. 16 corresponds to embodiments 1-2 and 2-2 described above.
  • A CU-CP selects an encryption algorithm.
  • The encryption algorithm may be selected based on the security-related capability of a UE.
  • The security-related capability of the UE may be any encryption algorithm supported by the UE.
  • The CU-CP generates a user-plane security key for the CU-UP based on the encryption algorithm.
  • The CU-CP may generate a security key.
  • The user-plane security key for the CU-UP may be generated based on the security key and the encryption algorithm.
  • The user-plane security key for the CU-UP may be derived by inputting the security key and the encryption algorithm to a KDF.
  • The security key may be used only by the CU-UP or by the CU-UP and the CU-CP.
  • The encryption algorithm may be used only by the CU-UP or by the CU-UP and the CU-CP.
  • In step S1620, the CU-CP transmits the user-plane security key for the CU-UP to the CU-UP.
  • Steps S1600 to S1620 may be performed in an initial bearer setup process. Accordingly, the user-plane security key may be transmitted to the CU-UP through a bearer context setup request message.
  • The bearer context setup request message may be transmitted by the CU-CP to set up bearer context within the CU-UP.
  • The user-plane security key may be changed when triggered by the CU-CP or requested by the CU-UP. Accordingly, steps S1600 to S1620 may be performed in an initial bearer modification process, and the user-plane security key may be transmitted to the CU-UP through a bearer context modification request message.
  • The bearer context modification request message may be transmitted by the CU-CP to modify bearer context in the CU-UP.
  • The CU-UP may replace a user-plane security key stored in the CU-UP with the received user-plane security key and may use the received user-plane security key for traffic protection.
  • When the user-plane security key is transmitted through the bearer context setup request message or the bearer context modification request message, the user-plane security key may be included in a security information IE.
  • The security information IE provides information for configuring user plane encryption and/or integrity protection. Table 1 shows an example of the security information IE.
  • The security algorithm IE represents the selected encryption algorithm.
  • The user plane security key IE represents the generated/derived user-plane security key.
  • The CU-CP may receive a PDCP count wrap-around indication from the CU-UP.
  • The CU-CP updates the encryption algorithm, updates the user-plane security key for the CU-UP based on the updated encryption algorithm, and transmits the updated user-plane security key for the CU-UP to the CU-UP.
  • The CU-CP is a logical node constituting the gNB, which hosts RRC and PDCP-C protocols.
  • The CU-UP is a logical node constituting the gNB, which hosts a PDCP-U protocol.
  • The CU-UP may host an SDAP protocol.
  • The CU-CP and the CU-UP may be connected through an E1 interface.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided are a method and an apparatus for supporting security of user traffic when a central unit (CU)-control plane (CP) and a CU-user plane (UP) of a gNB are separated in a wireless communication system. According to an embodiment of the present invention, the CU-CP of the gNB selects an encryption algorithm, generates a user plane security key for the CU-UP on the basis of the encryption algorithm, and transmits the user plane security key for the CU-UP to the CU-UP. The CU-UP applies the received user plane security key. The CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) protocol and a packet data convergence protocol (PDCP)-C protocol, and the CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.

Description

    BACKGROUND OF THE INVENTION
  • Field of the Invention
  • The present invention relates to wireless communication and, more particularly, to a method and an apparatus for supporting security when a central unit (CU)-control plane (CP) and a CU-user plane (UP) are separated in a new radio access technology (NR) system.
  • Related Art
  • 3rd generation partnership project (3GPP) long-term evolution (LTE) is a technology for enabling high-speed packet communications. Many schemes have been proposed for the LTE objective including those that aim to reduce user and provider costs, improve service quality, and expand and improve coverage and system capacity. The 3GPP LTE requires reduced cost per bit, increased service availability, flexible use of a frequency band, a simple structure, an open interface, and adequate power consumption of a terminal as an upper-level requirement.
  • Work has started in the international telecommunication union (ITU) and 3GPP to develop requirements and specifications for new radio (NR) systems. 3GPP has to identify and develop the technology components needed for successfully standardizing the new RAT in a timely manner, satisfying both the urgent market needs and the more long-term requirements set forth by the ITU radio communication sector (ITU-R) international mobile telecommunications (IMT)-2020 process. Further, the NR should be able to use any spectrum band ranging at least up to 100 GHz that may be made available for wireless communications even in a more distant future.
  • The NR targets a single technical framework addressing all usage scenarios, requirements and deployment scenarios including enhanced mobile broadband (eMBB), massive machine-type-communications (mMTC), ultra-reliable and low latency communications (URLLC), etc. The NR shall be inherently forward compatible.
  • Mobile carriers are providing more services in service areas which get smaller. Such a small service area may be referred to as a small cell. However, communication while travelling between these small service areas may be an issue, in which capacity, coverage, and interference all need to be considered. Accordingly, it has been proposed to serve small cells through a centralized radio access network (C-RAN). One requirement for implementing the C-RAN is a new concept called fronthaul.
  • SUMMARY OF THE INVENTION
  • In NR, dividing a base station into a central unit (CU) and a distributed unit (DU) has been introduced in order to solve the problem of fronthaul. In addition, dividing the CU into a CU-control plane (CP) and a CU-user plane (UP) has been introduced in order to realize the concept of cloud RAN. However, when the CU is divided into the CU-CP and the CU-UP, a potential security issue may arise.
  • In an aspect, a method for supporting, by a central unit (CU)-control plane (CP) of a gNB, security of a CU-user plane (CU-UP) of the gNB in a wireless communication system is provided. The method includes selecting an encryption algorithm, generating a user plane security key for the CU-UP based on the encryption algorithm, and transmitting the user plane security key for the CU-UP to the CU-UP.
  • In another aspect, a method for supporting, by a central unit (CU)-user plane (UP) of a gNB, security in a wireless communication system is provided. The method includes receiving a user plane security key for the CU-UP from a CU-control plane (CP) of the gNB, and applying the received user plane security key.
  • The CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) protocol and a packet data convergence protocol (PDCP)-C protocol, and the CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.
  • When a CU-CP is separated from a CU-UP, the CU-UP can process a data packet through security. Further, the CU-UP can successively process data packets through updated security.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows an NG-RAN architecture.
  • FIG. 2 shows a NG user plane protocol stack in a NR system.
  • FIG. 3 shows a NG control plane protocol stack in a NR system.
  • FIG. 4 shows an Xn user plane protocol stack in a NR system.
  • FIG. 5 shows an Xn control plane protocol stack in a NR system.
  • FIG. 6 shows an example of the overall architecture of an NG-RAN.
  • FIG. 7 shows logical nodes (CU-C, CU-U, and DU) in a logical gNB/en-gNB.
  • FIG. 8 shows a deployment scenario for a gNB.
  • FIG. 9 shows the protocol structure of an E1 interface defined between a CU-CP and a CU-UP.
  • FIG. 10 illustrates a method for supporting security of the CU-UP according to embodiment 1-1 of the present invention.
  • FIG. 11 illustrates a method for supporting security of the CU-UP according to embodiment 1-2 of the present invention.
  • FIG. 12 illustrates a method for supporting security of the CU-UP according to embodiment 1-3 of the present invention.
  • FIG. 13 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-1 of the present invention.
  • FIG. 14 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-2 of the present invention.
  • FIG. 15 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-3 of the present invention.
  • FIG. 16 illustrates a method in which a CU-CP of a gNB supports security of a CU-UP according to an embodiment of the present invention.
  • DESCRIPTION OF EXEMPLARY EMBODIMENTS
  • The technical features described below may be used by a communication standard by the 3rd generation partnership project (3GPP) standardization organization, a communication standard by the institute of electrical and electronics engineers (IEEE), etc. For example, the communication standards by the 3GPP standardization organization include long-term evolution (LTE) and/or evolution of LTE systems. The evolution of LTE systems includes LTE-advanced (LTE-A), LTE-A Pro, and/or 5G new radio (NR). The communication standard by the IEEE standardization organization includes a wireless local area network (WLAN) system such as IEEE 802.11a/b/g/n/ac/ax. The above system uses various multiple access technologies such as orthogonal frequency division multiple access (OFDMA) and/or single carrier frequency division multiple access (SC-FDMA) for downlink (DL) and/or uplink (UL). For example, only OFDMA may be used for DL and only SC-FDMA may be used for UL. Alternatively, OFDMA and SC-FDMA may be used for DL and/or UL.
  • A 5G system is a 3GPP system including a 5G access network (AN), a 5G core network (CN), and a user equipment (UE). The 5G AN is an access network including a non-3GPP access network connected to a CN and/or a new-generation radio access network (NG-RAN).
  • FIG. 1 shows an NG-RAN architecture. Referring to FIG. 1, the NG-RAN includes at least one NG-RAN node. The NG-RAN node includes at least one gNB and/or at least one ng-eNB. The gNB provides NR user plane and control plane protocol terminations towards the UE. The ng-eNB provides E-UTRA user plane and control plane protocol terminations towards the UE. The gNBs and ng-eNBs are interconnected with each other by means of the Xn interface. The gNBs and ng-eNBs are also connected by means of the NG interfaces to the 5G CN. More specifically, the gNBs and ng-eNBs are connected to the access and mobility management function (AMF) by means of the NG-C interface and to the user plane function (UPF) by means of the NG-U interface.
  • The gNB and/or ng-eNB host the following functions:
      • Functions for radio resource management: Radio bearer control, radio admission control, connection mobility control, dynamic allocation of resources to UEs in both uplink and downlink (scheduling);
      • Internet protocol (IP) header compression, encryption and integrity protection of data;
      • Selection of an AMF at UE attachment when no routing to an AMF can be determined from the information provided by the UE;
      • Routing of user plane data towards UPF(s);
      • Routing of control plane information towards AMF;
      • Connection setup and release;
      • Scheduling and transmission of paging messages;
      • Scheduling and transmission of system broadcast information (originated from the AMF or operations & maintenance (O&M));
      • Measurement and measurement reporting configuration for mobility and scheduling;
      • Transport level packet marking in the uplink;
      • Session management;
      • Support of network slicing;
      • QoS flow management and mapping to data radio bearers;
      • Support of UEs in RRC_INACTIVE state;
      • Distribution function for non-access stratum (NAS) messages;
      • Radio access network sharing;
      • Dual connectivity;
      • Tight interworking between NR and E-UTRA.
  • The AMF hosts the following main functions:
      • NAS signaling termination;
      • NAS signaling security;
      • AS security control;
      • Inter CN node signaling for mobility between 3GPP access networks;
      • Idle mode UE reachability (including control and execution of paging retransmission);
      • Registration area management;
      • Support of intra-system and inter-system mobility;
      • Access authentication;
      • Access authorization including check of roaming rights;
      • Mobility management control (subscription and policies);
      • Support of network slicing;
      • Session management function (SMF) selection.
  • The UPF hosts the following main functions:
      • Anchor point for Intra-/Inter-radio access technology (RAT) mobility (when applicable);
      • External protocol data unit (PDU) session point of interconnect to data network;
      • Packet routing & forwarding;
      • Packet inspection and user plane part of policy rule enforcement;
      • Traffic usage reporting;
      • Uplink classifier to support routing traffic flows to a data network;
      • Branching point to support multi-homed PDU session;
      • QoS handling for user plane, e.g. packet filtering, gating, UL/DL rate enforcement;
      • Uplink traffic verification (service data flow (SDF) to QoS flow mapping);
      • Downlink packet buffering and downlink data notification triggering.
  • The SMF hosts the following main functions:
      • Session management;
      • UE IP address allocation and management;
      • Selection and control of UP function;
      • Configures traffic steering at UPF to route traffic to proper destination;
      • Control part of policy enforcement and QoS;
      • Downlink data notification.
  • FIG. 2 shows a NG user plane protocol stack in a NR system. The NG-U which is the NG user plane interface is defined between the NG-RAN node and the UPF. Referring to the user plane protocol stack of the NG interface in FIG. 2, the transport network layer (TNL) is built on IP transport. The GPRS tunneling protocol user plane (GTP-U) is used on top of user datagram protocol (UDP)/IP to carry the user plane PDUs between the NG-RAN node and the UPF. NG-U provides non-guaranteed delivery of user plane PDUs between the NG-RAN node and the UPF.
  • FIG. 3 shows a NG control plane protocol stack in a NR system. The NG-C which is the NG control plane interface is defined between the NG-RAN node and the AMF. Referring to the control plane protocol stack of the NG interface in FIG. 3, the TNL is built on IP transport. For the reliable transport of signaling messages, the stream control transmission protocol (SCTP) is added on top of IP. The application layer signaling protocol is referred to as NG application protocol (NGAP). The SCTP layer provides guaranteed delivery of application layer messages. In the transport, IP layer point-to-point transmission is used to deliver the signaling PDUs.
  • NG-C provides the following functions:
      • NG interface management;
      • UE context management;
      • UE mobility management;
      • Transport of NAS messages;
      • Paging;
      • PDU session management;
      • Configuration transfer;
      • Warning message transmission.
  • FIG. 4 shows an Xn user plane protocol stack in a NR system. The Xn-U which is the Xn user plane interface is defined between two NG-RAN nodes. Referring to the user plane protocol stack of the Xn interface in FIG. 4, the TNL is built on IP transport. The GTP-U layer is used on top of UDP/IP to carry the user plane PDUs between two NG-RAN nodes. Xn-U provides non-guaranteed delivery of user plane PDUs between two NG-RAN nodes and supports the following functions:
      • Data forwarding;
      • Flow control.
  • FIG. 5 shows an Xn control plane protocol stack in a NR system. The Xn-C which is the Xn control plane interface is defined between two NG-RAN nodes. Referring to the control plane protocol stack of the Xn interface in FIG. 5, the TNL is built on SCTP on top of IP layer. The application layer signaling protocol is referred to as Xn application protocol (XnAP). The SCTP layer provides the guaranteed delivery of application layer messages. In the transport, IP layer point-to-point transmission is used to deliver the signaling PDUs.
  • The Xn-C interface supports the following functions:
      • Xn interface management;
      • UE mobility management, including context transfer and RAN paging;
      • Dual connectivity.
  • FIG. 6 shows an example of the overall architecture of an NG-RAN. Referring to FIG. 6, a gNB may include a gNB-central unit (CU) and at least one gNB-distributed unit (DU).
  • The gNB-CU is a logical node that hosts a radio resource control (RRC) protocol, a service data adaptation protocol (SDAP) and a packet data convergence protocol (PDCP) of the gNB or an RRC protocol and a PDCP protocol of an en-gNB. The gNB-CU controls the operation of the at least one gNB-DU. The gNB-DU is a logical node that hosts radio link control (RLC), media access control (MAC), and physical layers of the gNB or the en-gNB. The operation of the gNB-DU is controlled in part by the gNB-CU. One gNB-DU supports one or more cells. One cell is supported by only one gNB-DU.
  • The gNB-CU and gNB-DU are connected via an F1 interface. The gNB-CU terminates the F1 interface connected to the gNB-DU. The gNB-DU terminates the F1 interface connected to the gNB-CU. One gNB-DU is connected to only one gNB-CU. However, the gNB-DU can be connected to a plurality of gNB-CUs by suitable implementation. The F1 interface is a logical interface. In the NG-RAN, NG and Xn-C interfaces for a gNB including a gNB-CU and one or more gNB-DUs are terminated by the gNB-CU. In EN-DC, S1-U and X2-C interfaces for the gNB including the gNB-CU and one or more gNB-DUs are terminated by the gNB-CU. A gNB-CU and a gNB-DU connected thereto are seen only as a gNB by another gNB and 5GC.
  • FIG. 7 shows logical nodes (CU-C, CU-U, and DU) in a logical gNB/en-gNB. FIG. 7 shows one possible deployment scenario for the NG-RAN shown in FIG. 6. The protocol termination of NG and Xn interfaces is indicated by an ellipse in FIG. 7. In FIG. 7, a central entity and a distributed entity represent physical network nodes.
  • FIG. 8 shows a deployment scenario for a gNB. FIG. 8 shows an example of the architecture and the possible deployment scenario of the NG-RAN illustrated in FIGS. 6 and 7.
  • FIG. 8-(a) shows a collapsed gNB deployment scenario. In this deployment scenario, all RAN protocols and functions are in the same location. This deployment scenario corresponds to that currently used in LTE. This deployment scenario is similar to LTE architecture, thus ensuring maximum backward compatibility with the existing LTE deployment scenario.
  • FIG. 8-(b) shows a disaggregated deployment scenario. In this deployment scenario, RAN protocol functions are distributed across different locations, such as a CU and a DU. The DU hosts RLC, MAC, and physical layers. A CU-CP hosts RRC and PDCP-C protocols. A CU-UP hosts a PDCP-U (and SDAP) protocol. The DU and the CU-CP may be connected via an F1-C interface. The DU and the CU-UP may be connected via an F1-U interface. The CU-CP and the CU-UP may be connected via an E1 interface.
  • According to the disaggregated deployment scenario illustrated in (b) of FIG. 8, the RAN functions may be optimally deployed at different locations based on the scenario and desired performance. For example, the CU-CP may be located near the DU. Alternatively, the CU-CP may be deployed together with DU. In this case, a short latency time may be provided for an important CP procedure, such as connection (re)establishment, handover, and state transition. On the other hand, the CU-UP may be centralized in a regional or national data center. Thus, the CU-UP is advantageous for cloud implementation and may provide a centralized termination point for UP traffic in dual connectivity and tight interworking scenarios. Further, an additional CU-UP may be disposed close to (or co-located with) the DU to provide a local termination point of UP traffic for an application requiring a very low latency time (e.g. ultra-reliable low-latency communications (URLLC) traffic).
  • FIG. 9 shows the protocol structure of an E1 interface defined between a CU-CP and a CU-UP. A TNL is based on IP transmission and includes an SCTP layer above an IP layer. An application-layer signaling protocol is referred to as an E1 application protocol (E1AP).
  • According to the conventional art, user-plane data is encrypted by a PDCP between a UE and an eNB. An encryption function includes both ciphering and deciphering. On a user plane, a unit for encrypted data is a data portion of a PDCP protocol data unit (PDU). Encryption cannot be applied to a PDCP control PDU. An encryption algorithm and a security key used by the PDCP are configured by an RRC layer. The encryption function is activated/suspended/resumed by the RRC layer. When security is activated but is not suspended, the encryption function needs to be applied to all PDCP PDUs indicated by the RRC layer for each of DL/UL.
  • Therefore, when the CU-CP and the CU-UP are separated in the NR, how to support security for the traffic of the CU-UP may be an issue. Specifically, for security for the traffic of the CU-UP, the PDCP layer needs to have a security key and an encryption algorithm. The PDCP layer may generate an encryption key for the user plane, KUPenc, based on the security key and the encryption algorithm. However, since the PDCP layer is divided into a PDCP-C in the CU-CP and a PDCP-U in the CU-UP, it is necessary to determine which node, among the CU-CP and the CU-UP, generates the security key, selects the encryption algorithm, and generates KUPenc for the security of the CU-UP traffic. Further, it is necessary to determine signaling corresponding to the CU-UP.
  • 1. Embodiment 1
  • Embodiment 1 of the present invention proposes an initial procedure for a CU-UP to support security of a data packet when a CU-CP and the CU-UP are separated. Hereinafter, specific embodiments of embodiment 1 of the present invention will be described.
  • (1) Embodiment 1-1
  • FIG. 10 illustrates a method for supporting security of the CU-UP according to embodiment 1-1 of the present invention. In embodiment 1-1, the CU-CP is responsible for generating a security key and selecting an encryption algorithm, and the CU-UP is responsible for generating KUPenc.
  • In step S1000, the CU-CP generates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. In addition, the CU-CP selects an encryption algorithm for a UE based on the security-related capability of the UE. The security-related capability of the UE may indicate all encryption algorithms supported by the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1010, the CU-CP transmits the generated security key and the selected encryption algorithm to the CU-UP. The generated security key and the selected encryption algorithm may be transmitted through a UP setup procedure.
  • In step S1020, the CU-UP generates an encryption key KUPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-UP derives KUPenc by inputting the generated security key and the selected encryption algorithm to a key derivation function (KDF). The generated/derived KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1030, the CU-UP transmits a confirmation message to the CU-CP. The confirmation message may be transmitted through a connection setup confirmation procedure.
  • (2) Embodiment 1-2
  • FIG. 11 illustrates a method for supporting security of the CU-UP according to embodiment 1-2 of the present invention. In embodiment 1-2, the CU-CP is entirely responsible for generating a security key, selecting an encryption algorithm, and generating KUPenc.
  • In step S1100, the CU-CP generates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. In addition, the CU-CP selects an encryption algorithm for a UE based on the security-related capability of the UE. The security-related capability of the UE may indicate all encryption algorithms supported by the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. Further, the CU-CP generates an encryption key KUPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-CP derives KUPenc by inputting the generated security key and the selected encryption algorithm to a KDF. The generated/derived KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1110, the CU-CP transmits the generated/derived KUPenc to the CU-UP. The generated/derived KUPenc may be transmitted through a UP setup procedure.
  • In step S1120, the CU-UP applies the received KUPenc to protect UP traffic.
  • In step S1130, the CU-UP transmits a confirmation message to the CU-CP. The confirmation message may be transmitted through a connection setup confirmation procedure.
  • (3) Embodiment 1-3
  • FIG. 12 illustrates a method for supporting security of the CU-UP according to embodiment 1-3 of the present invention. In embodiment 1-3, the CU-CP is responsible for generating a security key, and the CU-UP is responsible for selecting an encryption algorithm and generating KUPenc.
  • In step S1200, the CU-CP generates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1210, the CU-CP transmits the generated security key and the security-related capability of a UE to the CU-UP. The generated security key and the security-related capability of the UE may be transmitted through a UP setup procedure. The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • In step S1220, the CU-UP selects an encryption algorithm for the UE based on the received security-related capability of the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. Further, the CU-UP generates an encryption key KUPenc for a user plane based on the generated security key and the selected encryption algorithm. Specifically, the CU-UP derives KUPenc by inputting the generated security key and the selected encryption algorithm to a KDF. The generated/derived KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1230, the CU-UP transmits a confirmation message including the selected encryption algorithm to the CU-CP. The confirmation message may be transmitted through a connection setup confirmation procedure.
  • In step S1240, the CU-CP processes the selected encryption algorithm received from the CU-UP. The CU-CP may determine whether to apply the same selected encryption algorithm in the CU-CP.
  • In step S1250, the CU-CP transmits an RRC connection reconfiguration message including the selected encryption algorithm to the UE. In step S1260, the UE transmits an RRC connection reconfiguration complete message to the CU-CP in response to the RRC connection reconfiguration message.
  • According to embodiment 1 of the present invention, the CU-UP can process a data packet through security.
  • 2. Embodiment 2
  • Embodiment 2 of the present invention proposes an update procedure for supporting security of a data packet in order to solve the problem of PDCP wrap-around that may occur in a CU-UP when a CU-CP and the CU-UP are separated. Specifically, a large quantity of data packets may be provided by the CU-UP, in which case a PDCP count may wrap around in the CU-UP. Thus, a method of initiating a procedure for renewing/updating the security key of the CU-UP may be needed, because the CU-UP is a node that knows the actual condition of a data packet. In the conventional DC procedure, a secondary node (SN) triggers PDCP count wrap-around through a secondary cell group (SCG) change instruction in an SN modification request message transmitted to a master node (MN).
  • Hereinafter, specific embodiments of embodiment 2 of the present invention will be described. The specific embodiments of embodiment 2 of the present invention can depend on the specific embodiment of embodiment 1 of the present invention described above.
  • (1) Embodiment 2-1
  • FIG. 13 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-1 of the present invention. As in embodiment 1-1, in embodiment 2-1 the CU-CP is responsible for updating a security key and an encryption algorithm, and the CU-UP is responsible for updating KUPenc.
  • In step S1300, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1310, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP. The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • In step S1320, the CU-CP updates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. In addition, the CU-CP updates an encryption algorithm for a UE based on the security-related capability of the UE. The security-related capability of the UE may indicate all encryption algorithms supported by the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1330, the CU-CP transmits the updated security key and the updated encryption algorithm to the CU-UP. The updated security key and the updated encryption algorithm may be transmitted through a UP modification procedure.
  • In step S1340, the CU-UP newly generates an encryption key KUPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-UP derives updated KUPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1350, the CU-UP transmits a confirmation message to the CU-CP. The confirmation message may be transmitted through a connection modification confirmation procedure.
  • (2) Embodiment 2-2
  • FIG. 14 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-2 of the present invention. As in embodiment 1-2, in embodiment 2-2 the CU-CP is entirely responsible for updating a security key, an encryption algorithm, and KUPenc.
  • In step S1400, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1410, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP. The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • In step S1420, the CU-CP updates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. In addition, the CU-CP updates an encryption algorithm for a UE based on the security-related capability of the UE. The security-related capability of the UE may indicate all encryption algorithms supported by the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. Further, the CU-CP newly generates an encryption key KUPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-CP derives updated KUPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1430, the CU-CP transmits the updated KUPenc to the CU-UP. The updated KUPenc may be transmitted through a UP modification procedure.
  • In step S1440, the CU-UP applies the received KUPenc to protect UP traffic.
  • In step S1450, the CU-UP transmits a confirmation message to the CU-CP. The confirmation message may be transmitted through a connection modification confirmation procedure.
  • (3) Embodiment 2-3
  • FIG. 15 illustrates a method of updating a security key when a PDCP count wraps around in the CU-UP according to embodiment 2-3 of the present invention. As in embodiment 1-3, in embodiment 2-3 the CU-CP is responsible for updating a security key, and the CU-UP is responsible for updating an encryption algorithm and KUPenc.
  • In step S1500, the CU-UP detects that a DL or UL PDCP count is soon to wrap around.
  • In step S1510, the CU-UP transmits a PDCP count wrap-around indication to the CU-CP. The PDCP count wrap-around indication may be transmitted via a connection modification procedure.
  • In step S1520, the CU-CP updates a security key. The security key may be used only by the CU-UP for UP traffic. Alternatively, the security key may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic.
  • In step S1530, the CU-CP transmits the updated security key and the security-related capability of a UE to the CU-UP. The updated security key and the security-related capability of the UE may be transmitted through a UP modification procedure. The security-related capability of the UE may indicate all encryption algorithms supported by the UE.
  • In step S1540, the CU-UP updates an encryption algorithm for the UE based on the received security-related capability of the UE. The encryption algorithm may be used only by the CU-UP for UP traffic. Alternatively, the encryption algorithm may be commonly used by the CU-CP and the CU-UP for CP signaling and UP traffic. Further, the CU-UP newly generates an encryption key KUPenc for a user plane based on the updated security key and the updated encryption algorithm. Specifically, the CU-UP derives updated KUPenc by inputting the updated security key and the updated encryption algorithm to a KDF. The updated KUPenc is used to protect UP traffic in the CU-UP.
  • In step S1550, the CU-UP transmits a confirmation message including the updated encryption algorithm to the CU-CP. The confirmation message may be transmitted through a connection modification confirmation procedure.
  • In step S1560, the CU-CP processes the updated encryption algorithm received from the CU-UP. The CU-CP may determine whether to apply the same updated encryption algorithm in the CU-CP.
  • In step S1570, the CU-CP transmits an RRC connection reconfiguration message including the updated encryption algorithm to the UE. In step S1580, the UE transmits an RRC connection reconfiguration complete message to the CU-CP in response to the RRC connection reconfiguration message.
  • According to embodiment 2 of the present invention, the CU-UP can successively process data packets through updated security when a PDCP count wraps around in the CU-UP.
  • FIG. 16 illustrates a method in which a CU-CP of a gNB supports security of a CU-UP according to an embodiment of the present invention. The embodiment of FIG. 16 corresponds to embodiments 1-2 and 2-2 described above.
  • In step S1600, a CU-CP selects an encryption algorithm. The encryption algorithm may be selected based on the security-related capability of a UE. The security-related capability of the UE may be any encryption algorithm supported by the UE.
  • In step S1610, the CU-CP generates a user-plane security key for the CU-UP based on the encryption algorithm. The CU-CP may generate a security key. The user-plane security key for the CU-UP may be generated based on the security key and the encryption algorithm. The user-plane security key for the CU-UP may be derived by inputting the security key and the encryption algorithm to a KDF. The security key may be used only by the CU-UP or by the CU-UP and the CU-CP. The encryption algorithm may be used only by the CU-UP or by the CU-UP and the CU-CP.
  • In step S1620, the CU-CP transmits the user-plane security key for the CU-UP to the CU-UP.
  • Steps S1600 to S1620 may be performed in an initial bearer setup process. Accordingly, the user-plane security key may be transmitted to the CU-UP through a bearer context setup request message. The bearer context setup request message may be transmitted by the CU-CP to set up bearer context within the CU-UP.
  • Alternatively, the user-plane security key may be changed when triggered by the CU-CP or requested by the CU-UP. Accordingly, steps S1600 to S1620 may be performed in an initial bearer modification process, and the user-plane security key may be transmitted to the CU-UP through a bearer context modification request message. The bearer context modification request message may be transmitted by CU-CP to modify bearer context in the CU-UP. When the user-plane security key is transmitted through the bearer context modification request message, the CU-UP may replace a user-plane security key stored in the CU-UP with the received user-plane security key and may use the received user-plane security key for traffic protection.
  • When the user-plane security key is transmitted through the bearer context setup request message or the bearer context modification request message, the user-plane security key may be included in a security information IE. The security information IE provides information for configuring user plane encryption and/or integrity protection. Table 1 shows an example of the security information IE.
  • TABLE 1

| IE/Group Name | Presence | Range | IE type and reference | Semantics description |
|---|---|---|---|---|
| Security Algorithm | M | | 9.3.1.xx15 | |
| User Plane Security Keys | M | | 9.3.1.xx16 | |
  • Referring to Table 1, the security algorithm IE represents the selected encryption algorithm, and the user plane security key IE represents the generated/derived user-plane security key. The CU-CP may receive a PDCP count wrap-around indication from the CU-UP. Here, the CU-CP updates the encryption algorithm, updates the user-plane security key for the CU-UP based on the updated encryption algorithm, and transmits the updated user-plane security key for the CU-UP to the CU-UP. The CU-CP is a logical node constituting the gNB, which hosts RRC and PDCP-C protocols, and the CU-UP is a logical node constituting the gNB, which hosts a PDCP-U protocol. The CU-UP may host an SDAP protocol. The CU-CP and the CU-UP may be connected through an E1 interface.
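The FIG. 16 flow (embodiments 1-2 and 2-2) as an added sketch, not code from the patent: the CU-CP selects the algorithm, derives KUPenc, hands the CU-UP only the contents of the security information IE, and re-derives when the CU-UP signals that a PDCP count is about to wrap around. The patent does not specify the KDF or any constants, so the HMAC-SHA-256 construction, the tag values, the algorithm identifiers, the randomly generated base key, the wrap-around margin and the COUNT reset are all assumptions.

```python
import hashlib
import hmac
import os

# Assumptions for this sketch (none are specified by the patent):
# HMAC-SHA-256 as the KDF with a 3GPP-style input FC || P0 || L0 || P1 || L1,
# 128-bit output keys, a 32-bit PDCP COUNT, and the margin used below.
FC = 0x69                     # assumed KDF function code
UP_ENC_TYPE = 0x05            # assumed tag for "user plane encryption"
COUNT_MAX = 2**32 - 1
WRAP_MARGIN = 2**20           # hypothetical "soon to wrap around" margin
NETWORK_PREFERENCE = [2, 1, 3]  # illustrative algorithm IDs; 0 would mean null


def select_algorithm(ue_capability):
    """S1600: first network-preferred algorithm that the UE also supports."""
    for alg in NETWORK_PREFERENCE:
        if alg in ue_capability:
            return alg
    raise ValueError("no common encryption algorithm")  # no silent null cipher


def derive_kupenc(security_key, alg_id):
    """S1610: KUPenc = KDF(security key, selected encryption algorithm)."""
    s = bytes([FC, UP_ENC_TYPE, 0x00, 0x01, alg_id, 0x00, 0x01])
    return hmac.new(security_key, s, hashlib.sha256).digest()[-16:]


class CuCp:
    def __init__(self, ue_capability):
        self.ue_capability = ue_capability
        # Stand-in for "the CU-CP generates a security key"; it stays here.
        self.security_key = os.urandom(32)

    def build_security_info(self):
        """Contents of the security information IE (Table 1)."""
        alg = select_algorithm(self.ue_capability)
        return {"security_algorithm": alg,
                "user_plane_security_key": derive_kupenc(self.security_key, alg)}

    def on_wrap_around_indication(self):
        """S1420: update the security key, then reselect and re-derive."""
        self.security_key = os.urandom(32)
        return self.build_security_info()


class CuUp:
    def __init__(self):
        self.security_info = None
        self.count = 0

    def on_bearer_context(self, security_info):
        """Setup or modification request: replace the stored key."""
        self.security_info = dict(security_info)
        self.count = 0  # assumption: COUNT restarts under the new key

    def send_packet(self):
        """Advance COUNT; True means a wrap-around indication is due."""
        if self.count >= COUNT_MAX:
            raise RuntimeError("COUNT exhausted; refusing to reuse it with this key")
        self.count += 1
        return self.count >= COUNT_MAX - WRAP_MARGIN


def run_demo():
    cp, up = CuCp(ue_capability={1, 2}), CuUp()
    up.on_bearer_context(cp.build_security_info())            # initial setup
    first_key = up.security_info["user_plane_security_key"]
    up.count = COUNT_MAX - WRAP_MARGIN - 1                     # constructed state
    if up.send_packet():                                       # S1400/S1410
        up.on_bearer_context(cp.on_wrap_around_indication())   # S1420 to S1440
    return first_key, up.security_info, up.count
```

In this variant only the derived key and the algorithm identifier cross the E1 interface; in embodiments 1-1 and 1-3 the security key itself is sent to the CU-UP, which then runs the KDF locally.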
  • In view of the exemplary systems described herein, methodologies that may be implemented in accordance with the disclosed subject matter have been described with reference to several flow diagrams. While for purposes of simplicity, the methodologies are shown and described as a series of steps or blocks, it is to be understood and appreciated that the claimed subject matter is not limited by the order of the steps or blocks, as some steps may occur in different orders or concurrently with other steps from what is depicted and described herein. Moreover, one skilled in the art would understand that the steps illustrated in the flow diagram are not exclusive and other steps may be included or one or more of the steps in the example flow diagram may be deleted without affecting the scope of the present disclosure.

Claims (13)

What is claimed is:
1. A method for supporting, by a central unit (CU)-control plane (CP) of a gNB, security of a CU-user plane (CU-UP) of the gNB in a wireless communication system, the method comprising:
selecting an encryption algorithm;
generating a user plane security key for the CU-UP based on the encryption algorithm; and
transmitting the user plane security key for the CU-UP to the CU-UP,
wherein the CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) protocol and a packet data convergence protocol (PDCP)-C protocol, and
wherein the CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.
2. The method of claim 1, wherein the CU-CP and the CU-UP are connected via E1 interface.
3. The method of claim 1, further comprising generating a security key.
4. The method of claim 3, wherein the user plane security key for the CU-UP is generated based on the security key and the encryption algorithm.
5. The method of claim 4, wherein the user plane security key for the CU-UP is derived by using the security key and the encryption algorithm as inputs of a key derivation function (KDF) function.
6. The method of claim 3, wherein the security key is only used by the CU-UP or is used by the CU-UP and the CU-CP.
7. The method of claim 1, wherein the encryption algorithm is only used by the CU-UP or is used by the CU-UP and the CU-CP.
8. The method of claim 1, wherein the encryption algorithm is selected based on a security related capability of a user equipment (UE).
9. The method of claim 8, wherein the security related capability of the UE is all encryption algorithms supported by the UE.
10. The method of claim 1, further comprising receiving a PDCP count wrap-around indication from the CU-UP.
11. The method of claim 1, further comprising:
updating the encryption algorithm;
updating the user plane security key for the CU-UP based on the updated encryption algorithm; and
transmitting the updated user plane security key for the CU-UP to the CU-UP.
12. The method of claim 1, wherein the CU-UP hosts a service data adaptation protocol (SDAP) protocol.
13. A method for supporting, by a central unit (CU)-user plane (UP) of a gNB, security in a wireless communication system, the method comprising:
receiving a user plane security key for the CU-UP from a CU-control plane (CP) of the gNB; and
applying the received user plane security key,
wherein the CU-CP is a logical node constituting the gNB that hosts a radio resource control (RRC) protocol and a packet data convergence protocol (PDCP)-C protocol, and
wherein the CU-UP is a logical node constituting the gNB that hosts a PDCP-U protocol.
US16/064,715 2017-06-17 2018-06-18 Method and apparatus for supporting security for cu-cp and cu-up separation in wireless communication system Abandoned US20200100102A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/064,715 US20200100102A1 (en) 2017-06-17 2018-06-18 Method and apparatus for supporting security for cu-cp and cu-up separation in wireless communication system

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201762521383P 2017-06-17 2017-06-17
KR10-2018-0069701 2018-06-18
KR1020180069701A KR101944097B1 (en) 2017-06-17 2018-06-18 Method and apparatus for supporting security for separation of cu-cp and cu-up in wireless communication system
PCT/KR2018/006854 WO2018231031A2 (en) 2017-06-17 2018-06-18 Method and apparatus for supporting security for separation of cu-cp and cu-up in wireless communication system
US16/064,715 US20200100102A1 (en) 2017-06-17 2018-06-18 Method and apparatus for supporting security for cu-cp and cu-up separation in wireless communication system

Publications (1)

Publication Number Publication Date
US20200100102A1 (en) 2020-03-26

Family

ID=64953414

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/064,715 Abandoned US20200100102A1 (en) 2017-06-17 2018-06-18 Method and apparatus for supporting security for cu-cp and cu-up separation in wireless communication system

Country Status (4)

Country Link
US (1) US20200100102A1 (en)
EP (1) EP3570577B1 (en)
KR (2) KR101944097B1 (en)
CN (1) CN109845300B (en)

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4992134A (en) * 1989-11-14 1991-02-12 Advanced Micro Devices, Inc. Dopant-independent polysilicon plasma etch
KR101435832B1 (en) * 2007-03-19 2014-08-29 엘지전자 주식회사 Method for processing radio protocol in mobile telecommunications system and transmitter of mobile telecommunications
US8396037B2 (en) * 2008-06-23 2013-03-12 Htc Corporation Method for synchronizing PDCP operations after RRC connection re-establishment in a wireless communication system and related apparatus thereof
CN102369765B (en) * 2009-02-03 2014-02-19 华为技术有限公司 Relay transmission method, relay node and base station
EP2965554B1 (en) * 2013-09-11 2019-07-24 Samsung Electronics Co., Ltd. Method and system to enable secure communication for inter-enb transmission
CN104936173B (en) * 2014-03-18 2022-02-25 华为技术有限公司 Key generation method, main base station, auxiliary base station and user equipment
CN105323231B (en) * 2014-07-31 2019-04-23 中兴通讯股份有限公司 Security algorithm selection method, apparatus and system
CN105592455B (en) * 2014-11-13 2020-09-29 南京中兴软件有限责任公司 Key updating method, device and main transmission node TP
WO2017082950A1 (en) * 2015-11-09 2017-05-18 Intel IP Corporation Novel frame structure to enable fast random access
CN106102106B (en) * 2016-06-20 2020-03-24 电信科学技术研究院 Terminal access method, device and network architecture
CN106162730B (en) * 2016-07-12 2019-11-15 上海华为技术有限公司 A kind of method of communication, equipment and system

Also Published As

Publication number Publication date
EP3570577A2 (en) 2019-11-20
CN109845300B (en) 2021-11-30
KR20180137434A (en) 2018-12-27
KR102320726B1 (en) 2021-11-02
KR101944097B1 (en) 2019-04-17
EP3570577A4 (en) 2020-01-08
CN109845300A (en) 2019-06-04
EP3570577B1 (en) 2021-04-07
KR20190011302A (en) 2019-02-01

Legal Events

Date Code Title Description
AS Assignment

Owner name: LG ELECTRONICS INC., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:XU, JIAN;BYUN, DAEWOOK;KIM, SEOKJUNG;REEL/FRAME:047739/0264

Effective date: 20180626

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION